diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py
index 31b5f0bc5..87687e38d 100644
--- a/letsencrypt-apache/letsencrypt_apache/configurator.py
+++ b/letsencrypt-apache/letsencrypt_apache/configurator.py
@@ -482,7 +482,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
         logger.debug(msg)
         self.save_notes += msg
 
-    def prepare_server_https(self, port, temp=False):
+    def prepare_server_https(self, port):
         """Prepare the server for HTTPS.
 
         Make sure that the ssl_module is loaded and that the server
@@ -493,7 +493,10 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
         """
         if "ssl_module" not in self.parser.modules:
             logger.info("Loading mod_ssl into Apache Server")
-            self.enable_mod("ssl", temp)
+            if self.config.func.__name__ == "auth":
+                self.enable_mod("ssl", temp=True)
+            else:
+                self.enable_mod("ssl", temp=False)
 
         # Check for Listen <port>
         # Note: This could be made to also look for ip:443 combo
@@ -1138,6 +1141,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
         if not self._chall_out:
             self.revert_challenge_config()
             self.restart()
+            self.parser.init_modules()
 
 
 def apache_restart(apache_init_script):
diff --git a/letsencrypt-apache/letsencrypt_apache/dvsni.py b/letsencrypt-apache/letsencrypt_apache/dvsni.py
index 11e69db61..b05156c5d 100644
--- a/letsencrypt-apache/letsencrypt_apache/dvsni.py
+++ b/letsencrypt-apache/letsencrypt_apache/dvsni.py
@@ -53,7 +53,7 @@ class ApacheDvsni(common.Dvsni):
             "le_dvsni_cert_challenge.conf")
 
     def perform(self):
-        """Peform a DVSNI challenge."""
+        """Perform a DVSNI challenge."""
         if not self.achalls:
             return []
         # Save any changes to the configuration as a precaution
@@ -62,7 +62,7 @@ class ApacheDvsni(common.Dvsni):
 
         # Prepare the server for HTTPS
         self.configurator.prepare_server_https(
-            str(self.configurator.config.dvsni_port), True)
+            str(self.configurator.config.dvsni_port))
 
         responses = []
 
diff --git a/letsencrypt-apache/letsencrypt_apache/parser.py b/letsencrypt-apache/letsencrypt_apache/parser.py
index e14569abc..da3fc97e7 100644
--- a/letsencrypt-apache/letsencrypt_apache/parser.py
+++ b/letsencrypt-apache/letsencrypt_apache/parser.py
@@ -51,7 +51,7 @@ class ApacheParser(object):
         # https://httpd.apache.org/docs/2.4/mod/core.html#ifmodule
         # This needs to come before locations are set.
         self.modules = set()
-        self._init_modules()
+        self.init_modules()
 
         # Set up rest of locations
         self.loc.update(self._set_locations())
@@ -60,13 +60,15 @@ class ApacheParser(object):
         # Sites-available is not included naturally in configuration
         self._parse_file(os.path.join(self.root, "sites-available") + "/*")
 
-    def _init_modules(self):
+    def init_modules(self):
         """Iterates on the configuration until no new modules are loaded.
 
         ..todo:: This should be attempted to be done with a binary to avoid
             the iteration issue.  Else... parse and enable mods at same time.
 
         """
+        # Since modules are being initiated... clear existing set.
+        self.modules = set()
         matches = self.find_dir("LoadModule")
 
         iterator = iter(matches)
diff --git a/letsencrypt-apache/letsencrypt_apache/tests/complex_parsing_test.py b/letsencrypt-apache/letsencrypt_apache/tests/complex_parsing_test.py
index d6112a486..406b6c39e 100644
--- a/letsencrypt-apache/letsencrypt_apache/tests/complex_parsing_test.py
+++ b/letsencrypt-apache/letsencrypt_apache/tests/complex_parsing_test.py
@@ -18,7 +18,7 @@ class ComplexParserTest(util.ParserTest):
         self.setup_variables()
         # This needs to happen after due to setup_variables not being run
         # until after
-        self.parser._init_modules()  # pylint: disable=protected-access
+        self.parser.init_modules()  # pylint: disable=protected-access
 
     def tearDown(self):
         shutil.rmtree(self.temp_dir)
diff --git a/letsencrypt-apache/letsencrypt_apache/tests/dvsni_test.py b/letsencrypt-apache/letsencrypt_apache/tests/dvsni_test.py
index c362d4115..884ec9e62 100644
--- a/letsencrypt-apache/letsencrypt_apache/tests/dvsni_test.py
+++ b/letsencrypt-apache/letsencrypt_apache/tests/dvsni_test.py
@@ -22,6 +22,7 @@ class DvsniPerformTest(util.ApacheTest):
         config = util.get_apache_configurator(
             self.config_path, self.config_dir, self.work_dir)
         config.config.dvsni_port = 443
+        config.config.func.__name__ = "auth"
 
         from letsencrypt_apache import dvsni
         self.sni = dvsni.ApacheDvsni(config)
diff --git a/letsencrypt-apache/letsencrypt_apache/tests/util.py b/letsencrypt-apache/letsencrypt_apache/tests/util.py
index b544e06ee..0782bef25 100644
--- a/letsencrypt-apache/letsencrypt_apache/tests/util.py
+++ b/letsencrypt-apache/letsencrypt_apache/tests/util.py
@@ -92,6 +92,9 @@ def get_apache_configurator(
 
             config.prepare()
 
+    # Simulate a 'run' by default
+    config.config.func.__name__ = "run"
+
     return config